]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - html/cgi-bin/captive.cgi
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
captive: Fix potential authenticated XSS in title processing
[ipfire-2.x.git] / html / cgi-bin / captive.cgi
diff --git a/html/cgi-bin/captive.cgi b/html/cgi-bin/captive.cgi
index 65cc349baf8e76a68b2e7aa5a7cc88bbf164d79c..b7c42e797e4fb6964f3755679da8287716123740 100755 (executable)
--- a/html/cgi-bin/captive.cgi
+++ b/html/cgi-bin/captive.cgi
@@ -104,7 +104,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
        $settings{'ENABLE_GREEN'}               = $cgiparams{'ENABLE_GREEN'};
        $settings{'ENABLE_BLUE'}                = $cgiparams{'ENABLE_BLUE'};
        $settings{'AUTH'}                               = $cgiparams{'AUTH'};
-       $settings{'TITLE'}                              = $cgiparams{'TITLE'};
+       $settings{'TITLE'}                      = &Header::escape($cgiparams{'TITLE'});
        $settings{'COLOR'}                      = $cgiparams{'COLOR'};
        $settings{'SESSION_TIME'}               = $cgiparams{'SESSION_TIME'};
 
IPFire 2.x development tree